ThreatList: Sharp Increase in Fake Mobile Apps Impersonating Legit Ones

Consumers don’t vet apps well enough to mitigate mobile threat risk, according to the latest mobile-threat report from RiskIQ

Malicious mobile apps that try to dupe consumers by mimicking reputable apps is a persistent problem that’s on the rise, making an app store’s commitment to security a key factor to consider for mobile users who want to avoid these threats, according to a new report.

The number of blacklisted apps — i.e., those that are known to be malicious and compiled on industry blacklists — increased 20 percent in the second quarter of 2019, from 44,850 to 53,955, according to the Mobile Threat Landscape Q2 report by RiskIQ, released Thursday.

Moreover, the percentage of blacklisted apps relative to the total number of apps known by RiskIQ also increased for the second-straight quarter, jumping from 1.95 percent to 2.1 percent.

At the same time, however, the number of blacklisted apps in the Google Play Store decreased dramatically by 59 percent, demonstrating an effort by reputable mobile app providers to keep malicious apps off of consumer devices, said Jordan Herman, the RiskIQ researcher who wrote the report.

“The threat landscape is always changing,” he told Threatpost in an email interview. “Ultimately, some app stores are safer than others because of their commitment to security. Consumers must understand that there are so many risks out there that they are safest by just sticking with the reputable stores that commit resources to security — namely Apple and Google.”

In the second quarter, RiskIQ detected more than 2.5 million app downloads, a nearly 11 percent increase from the first quarter, according to the report. Researchers also found that 30 percent, or 1.2 million, of 4.2 million total apps matching tax-branded key terms in app stores around the world were actually blacklisted apps.

Impersonating popular mobile apps is a successful tactic for cybercriminals because people recognize and make instantaneous judgments about visual stimuli, which could fool them into buying a blacklisted or even a “feral” app, Herman told us. RiskIQ uses “feral” to describe apps that researchers observe outside of an app store, which users could encounter on a random website or through an online ad, he said.

“They’re no more or less dangerous than malicious apps observed in app stores, there is just a higher likelihood that they are malicious, vs. apps downloaded from Google Play or Apple,” Herman told Threatpost.

With global app spending expected to surpass the $101 billion mark it hit last year, mobile is a significant part of the overall corporate attack surface, according to RiskIQ. It’s also one over which security teams often lack control because of individual user behavior of lack of corporate visibility into these devices, researchers said.

“Smart mobile devices are uniquely enticing targets,” Herman told Threatpost in the interview. “First, more than 5 billion people own mobile devices around the world today. This is a huge potential victim pool. Second, they go everywhere with us and can be used to learn everything about us, from the most intimate to the mundane.”

Some of the actions performed by malicious mobile apps include lifting location data from the device; surreptitious video and audio recordings, and exfiltration of call logs, messages, emails, banking information and credentials, he said.

Others are focused on financial gain and pilfer money from users by malicious ads and causing the phone to click on them, or they may steal personal or banking data for use in identity theft or cyber crime, Herman said.

Still other malicious mobile apps are more targeted and intended to conduct “surveillance of targets like minority groups or journalists,” he told Threatpost.

Suggested articles

Stealthy MacOS Malware Tied to Lazarus APT

Researcher discovered a MacOS trojan hiding behind a fake crypto trading platform believed to be the work of the state-sponsored North Korean hackers behind WannaCry.

Discussion

  • S. R. - Apple Developer on

    This is irresponsible reporting. The generic term "apps" is used. The apps are not specified as being Android and/or iOS. But the image at the top is from an iOS device. Biased. Do a better job next time.
  • Lisa Darnell on

    What should you do to get back control of your device if someone has put a developer report malware on your device as a admin. Can't find what's its hidden under but I'm more then certain its logged onto my email. Please help..thank you

Leave A Reply to S. R. - Apple Developer Cancel Reply

 

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.